Cyber Insurance – a growth market

PWC predicts that the global cyber insurance market will grow to US$7.5bn in annual premiums by 2020. The US market has grown rapidly over the past decade due to an increase in state regulation such as mandatory notification requirements. Even still, it is thought that fewer than 10% of companies have purchased a cyber insurance product, which demonstrates the exponential growth that we are still likely to see, as reported by PWC.

The UK & European markets are likely to see similar levels of growth from 2017, as companies begin to prepare for the new EU wide General Data Protection Regulation (GDPR), which will be applied from the 25th May 2018. Although the regulation is vast, there are three key areas that are likely to change the market.

  1. Companies in EU member states have been using legislative loop holes to not report cybercrime as it can be seen as detrimental to brand image. The GDPR will increase regulation in notification requirements, which will not only inform their clients of potential loss, but will also help to build accurate historical data for the insurance market. The UK and European markets are likely to see an increase in demand for cyber products because of this, as has been seen in the US.
  2. The GDPR will enable claimants to receive compensation for immaterial damage, in relation to damage caused that is not in compliance with the GDPR. This is likely to be one of the main catalysts for the increase in demand for third party cyber products.
  3. The penalties for non-compliance are between 4% and 2% of global turnover. Although these are unlikely to be indemnifiable under any cyber policy, it is worth noting that the threat of these fines are likely to encourage companies to seek risk management expertise.

Caytons Cyber will continue to update our website to reflect any additional points, or please subscribe to our newsletter by contacting us

What is the standard product available in the Market?

Cyber risk crosses multiple lines of business and so it has proven difficult to establish a standard product. However, the products available can be split into the following sections:

  1. Third party data & multimedia covers the policyholder against negligence occurred in handling data and multimedia of their clients, as well as reasonable defence costs and expenses incurred. In most cases, this cover also includes the policyholder’s failure to protect their clients’ data against theft and misuse.
  2. The cyber forensics and breach response service allows policyholders to be indemnified for reasonable costs incurred through the instruction of expert services to mitigate loss in the event of a network breach. This may include network incidents to patch security holes and in turn mitigate risk.
  3. System rectification will pay for the reasonable costs incurred in remedying the policyholder’s computer system to the same state as before a breach occurred.
  4. Cyber contingency covers business interruption incurred within pre-agreed limits.
  5. Data extortion indemnifies the policyholder against credible extortion threats, including but not limited to ransomware attacks.

The majority of cyber forensics, breach response and system rectification cover allows the policyholder to be indemnified for costs incurred by specialists that are chosen by the policyholder. This type of cover is estimated to not be in the best interests of either the insurer or policyholder. The insurer in this situation may have to incur unnecessarily large costs; or the adverse effect on the policyholder would be that the insurer would not cover what they deem as unnecessary expenses. This model can have a negative impact on an insurer’s loss ratio and makes the policyholder feel insecure about the cover provided.

What is different about our model?

Our main objective is to streamline the services that our insurer clients provide to their policyholders in order to create a cost effective service that benefits both the insurer’s books and delivers excellent customer service to their policyholders.

What we provide:

  1. A bespoke policy wording service in conjunction with Caytons Law that helps our insurer clients understand each insuring clause available and which would be most appropriate for their product.
  2. Notification agents and claims assessors to manage the day-to-day activities of each matter notified from first advice to closure.
  3. In house cyber security experts to mitigate loss associated with network breach and to mitigate risk in the event of a network incident.
  4. Cyber forensics & breach response partners for large quantum and specialist matters, inclusive of state sponsored attacks. We have hand selected our partners based on their excellent credentials, which are not limited to founding members of CREST and organisations backed by the UK government’s ‘Cyber Incident Response’ scheme.
  5. Software Escrow Online is available to policyholders to mitigate loss associated with insuring clauses including business interruption.
  6. Solicitors can be instructed through Caytons Law in the event of Court Proceedings.

Our product is tailored individually to our insurer clients’ requirements. For more information, please contact us.

Cyber Liability at Caytons Law

The increasing use of technology by businesses and individuals gives rise to greater potential for significant financial and reputational damage in the event of data loss or security breaches for business enterprises and their clients.

We assist insurers and insurance brokers on legal issues that arise in connection with cyber liability, including drafting policy wordings, product development, and identifying potential exposures and gaps in the market place.

At Caytons Law, we are able to assist clients to better identify, manage and protect their exposure to liabilities arising from loss, damage or modification of data, unauthorised access and other data security breaches. This can include not only financial and reputational exposure, but also regulatory and other issues relevant for professionals - with a particular focus on legal professionals.

We recognise that, in the event of data loss or security breaches, clients will have important reputational and operational issues that need to be swiftly and effectively managed and addressed alongside the legal issues and exposures. In this regard, our cyber liability team is actively developing specific solutions and new products to assist clients in better management of and protection against their specific cyber liability risks and exposures.

The team has experience of advising firms and SMEs developing technological, software, websites, and other innovative solutions with a particular focus in emerging “smart city” initiatives, as well as the shared use and development of 3D, 4D and 5D design, building information, and modelling within the construction and engineering industries. This includes advising on diverse intellectual property issues and potential infringements of intellectual property rights, including trademarks and copyright.

At the direct level, we have experience of drafting and advising on website terms and conditions of use, cookie and data protection policies, and addressing exposures arising from website internet content and blogs. Philip also has experience of drafting and advising on international joint venture and distribution agreements for the use of innovative products, including software programs.

Regulatory and data protection requests for information, and electronic disclosure are other areas where we are able to assist and provide effective solutions for clients, having regard to their specific legal and regulatory obligations.